Keystonemiddleware Security Vulnerabilities and Issues — Keystonemiddleware CVE List

OpenstackKeystonemiddleware

3 matches found

CVE•added 2015/04/17 5:0 p.m.•106 views

CVE-2015-1852

OpenStack keystonemiddleware and python-keystoneclient are vulnerable to a man-in-the-middle attack when the paste.ini configuration’s insecure option is used. Specifically, the s3_token middleware in keystonemiddleware (and python-keystoneclient) disables TLS certificate verification if insecure...

4.3CVSS7.1AI score0.02586EPSS

CVE•added 2014/10/02 2:0 p.m.•76 views

CVE-2014-7144

OpenStack keystonemiddleware/python-keystoneclient (0.x <0.11.0; 1.x

4.3CVSS6.2AI score0.01948EPSS

CVE•added 2016/02/03 3:0 p.m.•63 views

CVE-2015-7546

CVE-2015-7546 affects OpenStack Keystone and related keystonemiddleware: the identity service fails to invalidate authorization tokens when using PKI or PKIZ providers, enabling remote authenticated users to bypass access controls by manipulating bytes in a revoked token. Affected versions includ...

7.5CVSS7.2AI score0.01708EPSS